Know the risks - Zurich

• Reviewing how appropriate financial and operational information is provided tosenior management and board members• Evaluating the overall effectiveness of the board“Typical lawsuits broughtagainst directors of depositoryinstitutions for breaching theirduty of care include:1. Failure to supervise2. Failure to implementappropriate complianceprograms3. Negligent lending andreserving practices4. Failure to respond towarnings or criticismsfrom regulators, auditorsand others”Directors are entitled to rely on information, opinions, reports or statements,including financial statements or other data, prepared by employees, legal counsel,public accountants or other experts or professionals, or committees of the board ofdirectors if the directors reasonably believe that such sources merit confidence. Ofcourse, directors may not rely upon these people if they have knowledge of facts orinformation that would make this reliance unwarranted.Examples of lawsuits typically brought against directors of depository institutions forbreaching their duty of care include the following:1. Failure to superviseDirectors have a duty to supervise other directors, as well as the institution’s officers.While a director may not be directly involved in fraud or embezzlement, the directormay be liable if he or she failed to establish or follow adequate internal controls.State and federal regulators may pursue directors for failing to exercise adequatesupervision. Most notably, regulatory agencies will often sue directors of an insolventdepository institution for negligence and breach of fiduciary duty, as well as breachof various statutory duties, based on the directors’ failure to supervise or adequatelydirect management after unsafe practices have been called to the directors’ attention.The supervisory role of directors is of particular importance as depository institutionsexpand into new lines of business. The decision to enter a new line of business mustbe carefully considered. Acquisitions and entries into new lines of business should beundertaken only after development and analysis of a business plan prepared with theassistance of consultants or advisors with established expertise in the new business.Managing the new business may require special skills or expertise unavailable amongexisting personnel, and the depository institution may be exposed to market factorsand risks of a nature and magnitude different from those affecting the institution’straditional operations.2. Failure to implement appropriate compliance programsA director’s duty of care includes a duty to establish internal compliance programsto identify and curtail misconduct by an institution’s employees and agents, as wellas a duty to monitor those programs to be sure they are effective.Courts used to be reluctant to require directors to take affirmative steps to implementinternal compliance programs – unless, of course, there were obvious problems ofwhich the directors should have been aware. No more. It is now clear that a director’sduty of care includes an affirmative obligation to establish and maintain programs tomonitor whether the institution is complying with applicable law.3. Negligent lending and reserving practicesMany cases brought against depository institution directors have involved improper,unauthorized, excessive or badly documented loans or overdrafts. One recurrentproblem is the lending of excessive amounts to one borrower or an affiliated group5Financial institutions guide

of borrowers. Directors who allow loans to be approved in excess of an institution’slending limits may be liable for the entire amount of the improper loan. 4Other common examples of negligence in lending include:• Failing to obtain financial statements and other adequate information about thecredit standing of borrowers• Lending on inadequate security or without a proper appraisal• Lending to favored borrowers or “cronies”• Lending to businesses run by persons with little or no experience• Permitting a large volume of delinquent or classified loans to build up• Failing to establish adequate reserves or overreserving• Permitting undue concentration of loans in a single industry or field of activity(e.g., commercial construction)4. Failure to respond to warnings or criticisms from regulators, auditorsand othersOften, regulators or private auditors will render an audit or examination reportcontaining specific criticisms of a depository institution’s lending practices oroperations. Directors who ignore these warnings act at their own peril. Manycomplaints against directors allege that they were aware of problems with theinstitutions’ practices, yet failed to establish or adhere to policies designed torespond to those warnings and criticisms.The “Business Judgment” RuleThe actions of directors undertaken in good faith and for a rational business purposewill ordinarily be protected by the “business judgment” rule, which means that thecourts will not overturn corporate decisions and substitute their own judgment forthe business judgment of the directors. As one court has stated:Directors of corporations discharge their fiduciary duties when in good faith theyexercise business judgment in making decisions regarding the corporation. Whenthey act in good faith, they enjoy a presumption of sound business judgment,reposed in them as directors, which courts will not disturb if any rational businesspurpose can be attributed to their decisions. In the absence of fraud, bad faith,gross overreaching or abuse of discretion, courts will not interfere with theexercise of business judgment by corporate directors. 54 See, e.g., Corsicana National Bank v. Johnson,251 U.S. 68 (1919).5 Panter v. Marshall Field & Co., 646 F.2d 271,293 (7th Cir. 1981). Directors are cautioned thatthe business judgment rule has been stated indifferent ways by different courts. Whether aparticular court will apply the business judgmentrule in a particular case may depend on thecourt’s “feel” for whether the directors actedwith reasonable care under the circumstances.6Financial institutions guide

While the scope and application of the “business judgment” rule differ from stateto-state,there are five prerequisites that must generally be present before the rulewill apply:• There must be a business decision. The rule protects directors in connection withaffirmative decisions that comply with the rule, but not for inaction or generalfailures of oversight.• The directors must be disinterested. The rule protects directors who aredisinterested and independent, but not directors who appear on both sides of atransaction or who expect to derive any personal financial benefit from it.• The directors must act with due care. The rule protects directors who reach aninformed decision after making a reasonable effort to identify and evaluate allrelevant information reasonably available to them and who reasonably deliberatethe decision. 6• The directors must act in good faith. The rule protects directors who actwith a good faith belief that their business decision is in the best interests ofthe corporation.• The directors must not abuse their discretion. The rule protects directors againsthonest errors of judgment, but not for decisions that cannot be supported bysome rational basis and are egregious on their face.A plaintiff challenging a director’s decision bears the burden of proving that at leastone of those elements is not present. If a plaintiff is able to do so, the burden shifts tothe director to prove the “entire fairness” of the transaction. 7 This “entire fairness”standard can be a very high burden because the director must establish his or herutmost good faith and the most scrupulous inherent fairness of the transaction, bothin terms of fair dealing and fair price. 8 A director’s subjective belief as to the fairness ofa transaction is not sufficient for this purpose.6 See, e.g., Smith v. Van Gorkom, 488 A.2d 858(Del. 1985).7 Grobow v. Perot, 539 A.2d 180 (Del. 1988).8 Cede & Co. v. Technicolor, Inc., 634 A2d 345(Del. 1993).9 In re Walt Disney Co. Derivative Litig., 825 A.2d275 (Del. Ch. 2003).10 In re The Walt Disney Company DerivativeLitigation, 2005 Del. Ch. LEXIS 113 (Aug. 9,2005)11 Id.Board decisions regarding executive compensation have become one of the morefrequently litigated issues under the “business judgment” rule in recent years. Theprotracted and highly-publicized litigation challenging Disney’s payment of severancecompensation to Michael Ovitz is reflective of the trend of increased litigationregarding compensation arrangements that are or appear to be excessively generousor poorly structured. In a commonly-cited pre-trial opinion, the Delaware ChanceryCourt held that the “business judgment” rule did not protect Disney’s directors fromallegations that they failed to evaluate, negotiate or approve Ovitz’s employmentagreement. 9 Following a lengthy trial, the Court eventually ruled that Disney’s directorsdid in fact act in good faith and, therefore, were not liable. 10While the Court recognized that many aspects of Ovitz’s hiring and termination“reflect[ed] the absence of ideal corporate governance,” the court neverthelessultimately deferred to the directors’ good faith judgment. 117Financial institutions guide

Statutory and regulatory dutiesIn addition to the common law duties discussed above, federal and state statutesand regulations impose further obligations and limitations upon directors andprovide means for supervising and enforcing those requirements. The following setsforth an overview of the most prevalent duties and requirements imposed upondirectors by those statutes and regulations:Qualifications and restrictions on board membershipUnlike other institutions, directors of national banks must meet certain eligibilityrequirements, including citizenship and residence. 19 Upon appointment orelection, a director of a national bank must take an oath that he or she will“diligently and honestly” administer the affairs of the bank and that he or shewill not “knowingly violate or willingly permit to be violated” any provision ofthe National Bank Act. 20 Independent of the common law duties of directors, thisoath requires a director of a national bank to take steps to ensure that the bankobserves applicable laws and regulations.Various provisions of federal law further prohibit or restrict bank directors from servingas directors or officers of other types of institutions or otherwise regulating suchrelationships. 21 For instance:• Except in certain limited circumstances, no director or officer of any member bankof the Federal Reserve System may be at the same time a director or officer of anyother bank organized under the National Bank Act or state law. 22• Federal law prohibits a director of any depository institution with assets exceeding$2.5 billion from serving as a director of any other nonaffiliated depositoryinstitution having assets exceeding $1.5 billion. 23• There are statutory restrictions on interlocks between depository institutions in thesame geographical area. 24• Individuals who have been convicted of any criminal offense involving dishonestyor a breach of trust may serve as bank directors only with prior FDIC approval. 25In addition, many states impose other requirements for directors of statecharteredinstitutions.Heightened duties and liabilities for depository institutions19 12 U.S.C. § 72.20 Id.21 For example, 16 U.S.C. § 825(b) (publicutilities), 15 U.S.C. § 79q(c) (public utilityholding companies), and 15 U.S.C. § 80a-10(c)(investment companies).22 15 U.S.C. § 19.23 12 U.S.C. § 3203.24 12 U.S.C. § 3202, et seq.25 12 U.S.C. § 1829.A director of a depository institution may be personally liable under 12 U.S.C. §93 for violations by a bank or its officers, agents or employees of the provisionsof the National Bank Act, if the director participates in or permits such violations.This potential statutory liability is in addition to any civil liability for any breach by adirector of his common law duties. Even so, a bank director does not automaticallybecome an insurer against all losses suffered in connection with an unlawful actof the bank. In order for a bank director to be personally liable under 12 U.S.C. §93, the director must “knowingly violate, or knowingly permit any of the officers,9Financial institutions guide

agents, or servants of the [bank] to violate” the statute in question. Courts havesaid that a deliberate refusal to investigate that which the director has a dutyto investigate is tantamount to an intentional violation of the law, subjectinga director to personal liability for resulting losses. 26 Accordingly, bank directorsshould familiarize themselves with the laws applicable to national banks in orderto recognize when there may be a duty to investigate. Bank directors will not beexcused from this duty simply because they lack an understanding of the pertinentstatutes and regulations.National banks are subject to limitations on the amount they may lend to a singleborrower based on the bank’s capital and surplus and a national bank may not makea loan secured by its own stock. Bank directors who knowingly violate or knowinglypermit violations of any such limitations may be personally liable under the NationalBank Act. 27A wide array of other statutory and regulatory provisions govern the operation ofdepository institutions, including:• Depository institutions must maintain certain specified reserves and are subject torestrictions on paying dividends. 28• Depository institutions must make periodic reports as required by law. 29• Loans to “insiders” must be made on substantially the same terms, includinginterest rates and collateral, as those prevailing at the time for comparabletransactions with other persons and must not involve more than the normal risk ofrepayment or present other unfavorable features. 30• Depository institutions may not engage in impermissible “tying” arrangements. 31Directors who violate or participate in violations of those statutes and regulationscould be liable to the same extent as the financial institution.Regulatory Examinations26 Corsicana National Bank v. Johnson, supra at71-72; Michelsen v. Penney, 135 F.2d 409, 420(2d Cir. 1943).27 See, e.g., del Junco v. Conover, 682 F.2d 1338,1341-42 (9th Cir. 1982), cert. denied 103 S.Ct.786 (1983).28 12 U.S.C. § 60.29 12 U.S.C. § 161. See, e.g., Chesbrough v.Woodworth, 244 U.S. 72, 76 (1917); Harmsenv. Smith, 542 F.2d 496, 500 (9th Cir., 1976).30 12 U.S.C. § 375b(2)(a).31 12 U.S.C. §§ 1971, et seq. “Tying” isconditioning credit or the availability ofother services upon a customer’s agreementto engage in additional credit or servicetransactions with the bank or its affiliates.An examination report may be the most important vehicle for the ongoing regulatorysupervision and enforcement of the duties of depository institutions and theirdirectors. In making periodic examinations, the regulator will assess the quality of theinstitution’s assets, match assets with liabilities to evaluate liquidity and earnings, andreview management practices and capabilities. The report will specify any concernsthe regulator may have with respect to the institution’s operations and may makerecommendations or suggest goals for the institution to pursue. Directors shouldreview carefully all examination reports to inform themselves of the examiner’sanalysis of the institution’s operations and to ensure that management is acting tocorrect any identified problems.FIRREAIn 1989, Congress enacted the Financial Institutions Reform, Recovery andEnforcement Act of 1989 (FIRREA) in response to the rise in failures of depositoryinstitutions. FIRREA enhanced the enforcement powers of the Federal Deposit10Financial institutions guide

Insurance Corporation (FDIC) in two respects: (1) the FDIC was given broad authorityover federally insured banks and savings associations; and (2) the FDIC was givenpower to bring enforcement actions against any “institution-affiliated party,” which isdefined to include, among other things, any director, officer, employee or controllingstockholder (other than a holding company) of an insured depository institution.In addition to administrative remedies such as issuing cease and desist orders,suspension or removal from office, and prohibition orders, FIRREA empowers theFDIC to impose civil money penalties against institution-affiliated parties, includingindividuals who have left the institution, or individuals associated with institutionsthat are now closed. FIRREA sets forth three levels of civil money penalties that maybe imposed against an institution-affiliated party, ranging from less than $5,000to $1 million per day for continuing violations. Criminal penalties may range from$100,000 per day and one year’s imprisonment to $1 million per day and 20 years’imprisonment. These penalties also apply to violations of anti-tying provisions of theBank Holding Company Act, the Change in Bank Control Act, affiliate transactionrestrictions, and the National Bank Act.Statutory and common laws governing the responsibilities of directors of financialinstitutions vary from state to state. Historically, a director’s acts or omissions weretested against an ordinary prudent person standard. However, at least 43 states haveenacted statutes permitting corporations to adopt charter provisions that limit oreliminate the liability of directors (and, in some states, officers) for breach of the dutyof care. FIRREA, however, limits the ability of depository institutions to eliminate adirector’s liability for gross negligence.“Functional regulation”The Gramm-Leach-Bliley Act of 1999 changed how depository institutions and theirholding companies and affiliates are regulated. The Gramm-Leach-Bliley Act promotes“functional regulation,” meaning that traditional depository institution activitiesare regulated by depository institution regulatory agencies, securities activities areregulated by the Securities and Exchange Commission (SEC), insurance activities areregulated by the states, and so on.Many depository institutions offer securities, mutual funds and other types ofinvestments to customers as alternatives to traditional deposit instruments. Customersmay misunderstand the nature of non-deposit products because the products are oftensold within the institution’s premises by the institution’s employees. In many instances,personnel are required to register as brokers (or dealers) with the SEC and NationalAssociation of Securities Dealers. Moreover, the products offered may be “securities”under federal or state securities laws which must be registered with the SEC and/orstate agencies. And, under the Gramm-Leach-Bliley Act, depository institutions that actas advisers to mutual funds must register with the SEC as “investment advisers” underthe Investment Advisers Act of 1940. The Gramm-Leach-Bliley Act also contemplatesthe offering by depository institutions of “hybrid” products – products other thanequity swaps or a limited number of other products not previously regulated by theSEC as a security – and these may be regulated either by the SEC or by the FederalReserve Board, depending on the product in question.11Financial institutions guide

Sarbanes-OxleyThe Sarbanes-Oxley Act of 2002 was enacted by Congress to address several areasof national concern regarding corporate accounting and auditing, fraud and officerliability, and corporate transparency for publicly-held corporations. The most notableprovisions include:• A requirement that an independent accounting board be created to overseecorporate accounting and auditing practices;• A requirement that CEOs and CFOs of public companies participate in thepreparation of financial statements and personally certify the accuracy of suchstatements;• A requirement that an “internal control report” must be included in a publiccompany’s annual report, and that the company’s public accountant must attest tomanagement’s assessment of the company’s internal control structures;• A ban on corporate loans to directors and officers, except in certain limitedcircumstances;• The accelerated reporting of insider trades;• A requirement that audit committees be composed entirely of “independent”directors; and• The forfeiture of bonus and equity compensation for CEOs and CFOs in the eventof a material restatement of a company’s financial statements.The Sarbanes-Oxley Act imposes meaningful deterrents to promote compliance withboth the Act and pre-existing corporate obligations. Among other things, Sarbanes-Oxley establishes substantial monetary penalties and prison sentences for officerswho falsely certify financial statements, criminal charges for the wrongful destructionof documents or for failing to maintain audit records, an extension of the statuteof limitations for private securities fraud lawsuits, and criminal charges for certainfederal securities law violations.In addition to the requirements set forth by Sarbanes-Oxley, directors on auditcommittees of publicly traded companies are subject to additional requirementsimposed by the SEC. Among other things, the SEC requires the following:• The audit committee must prepare and issue an annual report, identifying thecommittee members and including statements regarding the audit committee’sreview of the company’s financials and the committee’s recommendations;• The company must disclose whether the audit committee has adopted a writtenaudit committee charter, which must be reviewed annually; and• Quarterly financial statements must be reviewed by an independent auditorand the results of that review must be discussed with the audit committee or itschairperson prior to the company’s quarterly SEC filing.12Financial institutions guide

Compensation regulationsDepository institutions whose stock or the stock of their subsidiaries is publiclytraded are subject to new compensation disclosure rules adopted and enforced bythe SEC. 32 The new rules are designed to provide investors with a clearer and morecomplete picture of the compensation of executive officers and directors, refinecompensation related disclosures, expand disclosures related to beneficial ownership,improve disclosures regarding related-party transactions, and consolidate existingdisclosure requirements regarding director independence and corporate governance.A company’s annual report must now include a Compensation Disclosure andAnalysis that discusses the material factors underlying the company’s compensationpolicies and decisions for executive officers.Privacy requirementsThe Gramm-Leach-Bliley Act sets forth requirements regarding an institution’s disclosureof their consumers’ non-public 33 financial information. 34 For example, all financialinstitutions must develop a privacy policy and disclose that policy to consumers. Afinancial institution may not disclose non-public personal information about consumersto nonaffiliated third parties, unless the financial institution has previously informed theconsumer that such information may be disclosed and the consumer has been giventhe opportunity to direct that such information not be disclosed. States may enact (andenforce) even more stringent financial privacy protection.Enforcement actionsDirectors of depository institutions may be the subject of other administrative andcriminal sanctions, including:1. Cease and desist orders12 U.S.C. § 1818(b) authorizes the appropriate federal regulatory agency, afternotice and an administrative hearing, to issue a cease and desist order (which mayinclude requiring the respondent to take affirmative action to correct the violation)against any institution affiliated party who: (1) has engaged, is engaging, or thereis reasonable grounds to believe will engage, in any unsafe or unsound practice; or(2) has violated, is violating, or there is reason to believe will violate, any law, rule orregulation or any written condition imposed by the agency in connection with thegrant of an application or other request.32 SEC Release No. 33-8732.33 The privacy provisions under the Gramm-Leach-Bliley Act of 1999 do not apply to publiclyavailable information – i.e., titles to property,tax liens, bankruptcy filings and judgments– or to depersonalized information, such asdemographic data. Caution should be paid,however, when non-public information andpublicly available information are combined.34 A “consumer” is defined as an “individual whoobtains from a financial institution, financialproducts or services that are to be usedprimarily for personal, family, or householdpurposes.” 15 U.S.C. § 6809(9). The definitiondoes not extend to a financial institution’sbusiness customers.2. Removal, prohibition and suspension12 U.S.C. § 1818(e) provides that the appropriate federal regulatory agencymay initiate proceedings to remove an institution-affiliated party from office andto prohibit any further participation by that party in the affairs of any insuredinstitution. Prohibition orders may be entered even where the institution-affiliatedparty is no longer affiliated with the institution. To issue a removal and prohibitionorder, the agency must determine: (1) that the institution-affiliated party has, directlyor indirectly, committed a violation of law, regulation, written agreement with orwritten condition imposed by the agency, or final cease and desist order, or hasparticipated in an unsafe or unsound practice or has committed a breach of fiduciary13Financial institutions guide

duty; (2) that such violation, practice or breach has resulted, or probably will result,in financial loss or other damage to the institution, has prejudiced or could prejudice,the interests of depositors, or has produced a pecuniary gain or other benefit tothe institution-affiliated party; and (3) that such violation, practice or breach eitherinvolves personal dishonesty or demonstrates a willful or continuing disregard for thesafety and soundness of the institution.3. Prompt corrective actionThe Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA)established a regulatory system allowing regulators to commence disciplinary actionas soon as an institution becomes undercapitalized. Pursuant to the directivescontained in FDICIA, each of the federal regulatory agencies developed two capitalstandards: (1) a leverage limit, which measures capital as a percentage of totalassets; and (2) a risk-based capital standard, which measures capital as a percentageof an institution’s risk-adjusted assets. Using these standards, regulatory agenciescategorize financial institutions as “well capitalized,” “adequately capitalized,”“undercapitalized,” “significantly undercapitalized” or “critically undercapitalized.”With respect to institutions classified as undercapitalized and lower, the appropriateregulator may order a range of disciplinary actions, including restricting the paymentof bonuses or raises to senior executive officers, requiring the replacement of seniorexecutive officers or directors and placing the institution in receivership.4. Criminal liabilityA number of criminal charges may be brought against directors, officers oremployees of federally-insured depository institutions, including the followingcommonly prosecuted offenses:• Misapplication or embezzlement of funds (18 U.S.C. §§ 656 and 657)• False entries in books (18 U.S.C. §§ 1005 and 1006)• False statements to a financial institution (18 U.S.C. § 1014)• False statements in any matter within the jurisdiction of the United Statesgovernment (18 U.S.C. § 1001)• Perjury (18 U.S.C. § 1621)• Violations of Bank Bribery Act (18 U.S.C. § 215)• Fraud (18 U.S.C. § 1344)14Financial institutions guide

Liabilities under the federalsecurities lawsSecurities Act of 1933“The statute imposes strictliability for any false materialrepresentation or omission inthe registration statement.”Congress enacted the Securities Act of 1933 (1933 Act) in reaction to the real andperceived abuses in the issuance of securities that resulted in the Wall Street crashof 1929. Subject to certain exemptions, the 1933 Act requires the registration ofsecurities being offered to the public. The 1933 Act requires full and fair disclosureof all material facts necessary for investors to evaluate whether to purchase, sell orhold the security. The most common allegation in suits seeking relief under the 1933Act is that a prospectus, registration statement, or attachments to the registrationstatement filed in connection with the public issuance of securities violated violatedthe Act because they contained material misstatements or omissions of materialfacts in connection with an offering. Plaintiffs often allege that the financialstatements incorporated into the prospectus and registration statement materiallymisrepresented the true financial condition of the corporation issuing the securities.Section 11 suits are commonly brought as class actions against the corporation, itsdirectors, any officers that signed the registration statement, and others. Section15 of the 1933 Act additionally imposes “controlling person” liability on otherdefendants to the same extent as the primary violator.In order to establish a prima facie case under Section 11, a plaintiff need not allegeany form of fraud or even negligent conduct on the part of the defendants. Rather,the statute imposes strict liability for any false material representation or omission inthe registration statement.Section 12(2) of the 1933 Act similarly gives purchasers of a security a remedyagainst the offer or seller of a security for misstatements or omissions in connectionwith the security’s offer or sale. If successful, the plaintiff in a Section 12(2) case isentitled to a return of the purchase price of the security. A seller is not liable if theseller did not know or in the exercise of reasonable care could not have known ofthe untruth or the omission. Under some circumstances, directors may be held liableas “sellers” under Section 12(2).Securities Exchange Act of 1934The Securities Exchange Act of 1934 (1934 Act) regulates the public trading ofsecurities. The 1934 Act requires public companies to file detailed quarterly, annualand other reports with the SEC. The most commonly invoked provision concerningliability in the 1934 Act is Section 10(b), as implemented by Rule l0b-5. Under Rulel0b-5, in connection with the purchase or sale of any security, it is unlawful for anyperson to:15Financial institutions guide

• employ any device, scheme or artifice to defraud,• make any untrue statement of a material fact,• omit to state a material fact necessary to make statements not misleading, or• engage in any act, practice or course of business which operates as a fraud ordeceit upon any person.Private actions under Rule l0b-5 are often brought as class actions, in which thedamages of a class of shareholders who purchased or sold during a given period areaggregated. In addition, “controlling person” liability may be imposed under Section20 of the 1934 Act. Under the anti-fraud provisions of the federal securities laws,directors and other “insiders” who are in possession of material inside informationeither must disclose the information to the investing public or abstain fromrecommending or trading in the securities while the confidential information remainsundisclosed. 35 Financial institutions that engage in brokerage activities or participatein mergers and acquisitions are also exposed to potentially significant liability underRule l0b-5. Persons in possession of material nonpublic information may not usesuch information for the benefit of their customers or in connection with trades onbehalf of themselves or their employer. 36Although, under the Gramm-Leach-Bliley Act, depository institutions are notincluded in the statutory definition of “broker” or “dealer” under the 1934 Act aslong as they engage only in specified securities transactions, affiliates and non-banksubsidiaries of a depository institution or its holding company may be subject tobroker-dealer regulations. Section 15(a) of the 1934 Act requires the registrationof any broker or dealer that effects any transaction in, or induces or attempts toinduce the purchase or sale of, any security (not including exempted securities).Section 15(c) prohibits the use of fraudulent or deceptive devices in connection withthe sale of any security by a broker-dealer. As “sellers” of securities under federalsecurities laws, broker-dealers are exposed to liability under many provisions of the1933 Act and the 1934 Act. The meshing of traditional products and services withsecurities activities exposes many financial institutions to additional and, possibly,unanticipated liability.Securities litigation reformBy the mid-1990s, a perception had developed that too many securities lawsuits oflittle or no merit – particularly class action suits for alleged violations of Section 10(b)of the 1934 Act and Rule 10b-5 – were being filed against companies whose stockhad dropped in price. The Private Securities Litigation Reform Act of 1995 (PSLRA)was intended to curb perceived abuses in securities litigation.The major reforms contained in the PSLRA include:35 SEC v. Texas Gulf Sulphur Co., 401 F.2d 833 (2dCir., 1968).36 See, e.g., Chiarella v. United States, 445 U.S.222 (1980); Dirks v. SEC, 463 U.S. 646 (1983).• An express safe harbor under the 1933 and 1934 Acts for both oral and written“forward-looking statements” (e.g., financial estimates), which providesprotection from liability for reporting companies and persons acting on theirbehalf in connection with forward-looking statements made in news releases,annual reports and other public disclosures16Financial institutions guide

• An enhanced standard of pleading, under which plaintiffs, to bring a securities fraudcase, must allege with particularity facts giving rise to a strong inference of fraud• A mandatory stay of discovery while a motion to dismiss a complaint is pending• A lead plaintiff provision creating a presumption that the “most adequate plaintiff”is the one with the largest financial interest• A proportionate liability rule to replace joint and several liability, except withrespect to defendants found to have knowingly violated the securities lawsCongress subsequently enacted the Securities Litigation Uniform Standards Act of1998, the principal effects of which were to prohibit plaintiffs from prosecutingsecurities fraud class actions in state court and to prohibit plaintiffs from pursuingstate law claims as part of securities fraud class actions in federal court.The U.S. Supreme Court has issued several important decisions that further definethe high pleading standards imposed on plaintiffs in securities fraud lawsuits underthe 1934 Act.In addition to shareholders, directors owe duties to their institution that maybe enforced by the institution directly or by shareholders on behalf of theinstitution – derivatively.17Financial institutions guide

Claims by or on behalf ofthe institutionClaims by the institutionAn institution may bring a direct action against current or, more often, former directorsand officers for breaching duties to the institution or its shareholders. The institution’sboard of directors generally has the power to determine whether or not such a lawsuitshould be filed against the institution’s directors and officers and, if it is filed, controlsall strategic decisions regarding the litigation. When an institution is insolvent orbankrupt, an entity that “stands in the shoes” of the institution, like a trustee, receiver,liquidator, or the FDIC, may also initiate a claim directly against current or formerdirectors or officers of the institution. The plaintiffs in those cases will often allegethat the directors and officers fraudulently transferred or misappropriated funds, orengaged in gross mismanagement, causing the institution’s insolvency or bankruptcy.Derivative claimsA derivative action may be brought by one or more shareholders on behalf andfor the benefit of the institution to recover for losses or damages suffered by theinstitution. If a harm or loss is suffered directly by the institution, thereby reducingthe value of its assets, shareholders are usually required to bring a derivative lawsuit,rather than a direct lawsuit.Derivative lawsuits are frequently brought against incumbent directors who, becauseof their own self-interest, elect not to authorize such an action by the institutionagainst themselves or other directors. Recovery in a derivative lawsuit is paid to theinstitution, not to the shareholders who brought the action, although the fees andexpenses of the shareholders’ attorneys are usually paid if a favorable settlement orjudgment is obtained.Because a derivative action is brought on behalf of the corporation and becausedirectors are normally entitled to deference in their corporate decisions (including thedecision whether to pursue legal action), a shareholder seeking to bring a derivativeclaim usually must first either demand that the board authorize the company toprosecute the claim directly or demonstrate the futility of making such a demand. 37In the face of a derivative lawsuit, directors will often appoint a special litigationcommittee comprised of disinterested directors to independently evaluate whetherpursuing the proposed litigation is in the best interests of the corporation. Generally,if the committee is independent in both its investigation and conclusions, a court willdefer to the committee’s decisions whether continuing or terminating the litigation isin the best interest of the corporation.37 Kamen v. Kemper Fin. Servs., Inc., 500 U.S.90 (1991); Levner v. Saud, 903 F. Supp. 452(S.D.N.Y. 1994), aff’d, 61 F.3d 8 (2d Cir. 1995).When the FDIC has taken control of a depository institution, FIRREA vests in theFDIC all rights and powers of a shareholder of the institution to bring a derivativeaction. Accordingly, in such instances, the FDIC has the right, power and privilege todemand corporate action or sue directors when action is not otherwise forthcoming.18Financial institutions guide

Liabilities to third partiesLiability to borrowersCases brought by borrowers are often referred to as “lender’s liability” cases. Suchsuits are normally brought against the institution itself but, in certain circumstances,may be brought against directors as well. Some examples of typical “lender’sliability” cases are as follows:• A suit by a borrower against a loan officer alleging misrepresentation – for example,that the officer promised to extend more credit or to grant an extension of time andthat when the officer failed to do so, the borrower’s business suffered.• Improper foreclosure or sale proceedings, including allegations that a loan officerfailed to conduct a “commercially reasonable” sale.• Violation of federal or state truth-in-lending laws.• “Slander of credit” cases arising out of a loan or credit officer’s statements to athird-party that effects a borrower’s credit.• “Domination and control” cases. Lenders who exercise domination and control overa borrower’s business to the detriment of the borrower or persons dealing withthe borrower may be liable for duress, economic coercion and interference withcorporate governance.• “Bad faith” or breach of implied covenant of fair dealing.Liability to employeesDirectors are subject to liability for violations of laws protecting employees againstunlawful discrimination based on race, age or sex, as well as wrongful terminationand sexual harassment. Naturally, when corporate officers participate in a violation ofan employee’s civil rights, they face potential personal liability. However, even if notdirectly involved in the wrongdoing, directors and officers may be liable under stateand common law for claims related to wrongful discharge, retaliation, workplaceharassment, defamation, infliction of emotional distress, invasion of privacy, andnegligent hiring, training, or supervision. Federal class action claims pursuant to TitleVII typically can be brought only against the corporation as the employer and notagainst any directors or officers. While most employment claims can be resolvedon an individual basis for relatively small sums, claims brought by senior officerswith high compensation or lucrative stock options can be difficult and expensive todefend and resolve. In addition, directors face far more significant potential exposurewhen their board decisions are perceived to have negatively impacted a class ofemployees, such as with large scale reductions-in-force.Liability to employee benefit plan participantsOfficers who serve as fiduciaries of their company’s employee benefit plans may benamed as defendants in suits brought by plan participants for their alleged loss or19Financial institutions guide

“In recent years, there hasbeen a marked increase inthe frequency and severity ofERISA class-action litigationagainst directors and officersfollowing a significant drop ina company’s stock price.”denial of benefits. Directors and officers may also face liability under the EmployeeRetirement Income Security Act of 1974 (ERISA) when they function as fiduciaries,serve on committees that oversee or monitor the plans, or issue statements that mayinfluence a plan participant’s decisions with respect to the plan.In recent years, there has been a marked increase in the frequency and severity ofERISA class-action litigation against directors and officers following a significantdrop in a company’s stock price. The lawsuits are typically filed by and on behalfof participants and beneficiaries of a company’s retirement plan when the planowns company stock as an investment option. Plaintiffs in these lawsuits generallyallege that directors and officers breached their fiduciary duties under ERISA by (i)allowing the plan or its participants to purchase of company stock as an investmentoption when they knew or should have known that the stock was not a prudentinvestment, or (ii) misrepresenting or failing to disclose to the plan participantsmaterial information about the company.20Financial institutions guide

Loss control: protecting directors& officers against liabilityIn the light of the applicable legal principles and case law, what steps shoulddirectors & officers of depository institutions take to protect themselves againstliability? The following are some suggestions for establishing a protection program.These suggestions are not meant to be all-inclusive. It should be emphasized thatthe institution’s general counsel will normally play a leading role in the design andimplementation of any loss control or protection program.Prior protection: promoting awareness• Prepare a code of conduct covering such matters as conflicts of interest, insiderloans, insider trading, safeguarding confidential information, acceptance of giftsand fees, political contributions and other legal and ethical issues. Be sure thecode of conduct is properly communicated and understood.• Establish an orientation program for new directors to make them familiar withbasic institution policies and regulatory requirements.• Send periodic memoranda to directors on recent significant legal and regulatorydevelopments.• Establish ongoing training seminars for directors and key employees to increaseawareness of risks, promote good corporate governance and ensure compliancewith regulations.• Establish training programs for officers focused on “lender’s liability” issues,including obtaining proper loan documentation, lending limits, disclosures toborrowers, perfection of security interests, analysis of borrower and guarantorfinancial information, proper reporting of defaults and loan deficiencies andenvironmental compliance.• Implement credit review procedures designed to reveal problem loans and othercredit problems.Protection against claims of negligence• Attend meetings, participate actively and demand responsive answers frommanagement. Directors should be sure that they understand issues before they vote.• Avoid conflicts of interest whenever possible and fully disclose and recuse yourselffrom any truly unavoidable conflicts.• Conduct board meetings in an environment that encourages candid, opendiscussion and active questioning of management.• Whenever possible, materials should be sent to directors in advance of anymeeting and directors should review and understand materials prior to meetings.21Financial institutions guide

• Copies of regulators’ examination reports should be provided to directors andreviewed carefully. Insist on prompt follow-up action to correct deficiencies.• Investigate warning signs. Important decisions should be thoroughly investigatedand approved by knowledgeable, informed and truly independent persons basedon the advice of qualified outside advisors.• Review periodic reports filed with the institution’s regulators.• Insist on regular reports from officers, including financial summaries, key financialratios and details of problem loans and other weaknesses.• Establish appropriate committees composed of independent directors. Thequalification of committee members will vary depending on the nature of thecommittee. For instance, audit committees should be composed of independent,financially literate members who can fully understand and critique the company’sfinancial statements.• Conduct periodic self-evaluations to analyze the board’s overall performance andthe performance of individual directors.• Establish and monitor key performance criteria reflecting the company’s financialstability and fulfillment of strategic goals.Protection against liability under federal securities laws• Periodic reminders should be given to directors and officers regarding the legalconsiderations involved in buying or selling the company’s stock and reportingrequirements under the 1934 Act or other applicable laws.• Establish proper “due diligence” procedures for review of registration statements,proxy statements, and periodic statements filed with the SEC or other agencies.• Establish corporate procedures for handling disclosures of corporate informationto security analysts and others.• Circulate a policy statement on insider trading so that all directors and officers areaware of the applicable rules.Protection against liability in the sale of the company• In major transaction such as a sale or takeover of the institution or the acquisitionof another entity has been proposed, directors should be well informed about thetransaction and the benefits to the institution and its shareholders.• If appropriate, the board should appoint a special, disinterested committee toreview any proposed transaction.• The board or committee should retain competent independent advisers, includinglegal counsel and investment bankers. The advisers should be given completeaccess to management and relevant documents.• When the transaction is presented to the full board, interested directors shouldabstain from discussing and voting on the transaction.22Financial institutions guide

• The board should ensure that, if a shareholder vote is required, proxy materialsmake full and accurate disclosures of the transaction and any director’s interest inthe transaction.• Any defensive measure adopted by the board in response to a takeover must bereasonable in relation to the reasonably perceived threat posed by the takeover bid.• If the institution initiates an active bidding process, the board must notunreasonably interfere with an open, unrestrained bidding process.Limitation of liability statutesA number of states have enacted statutes which limit the liability of directors, andsometimes officers. Most of these statutes require a corporation to adopt a charteramendment in order to take advantage of the protection afforded by the statute.Although limitation of liability statutes vary from state to state, they generallypermit a corporation to eliminate or limit the personal liability of a director to thecorporation or its shareholders for monetary damages for a breach of the dutyof care. Corporations may not eliminate or limit the liability of their directors forbreaches of the duty of loyalty, intentional misconduct, or transactions from whichthe directors derive an improper personal benefit.Limitation of liability statutes may or may not apply to state-chartered depositoryinstitutions, depending on the state. They do not apply to national banks or otherfederally chartered depository institutions. And, even if a limitation of liabilitystatute is applicable, under FIRREA it will not eliminate a director’s liability for grossnegligence. Limitation of liability statutes can, however, protect directors of affiliatesand subsidiaries.Because some states have only enacted enabling statutes, which allowshareholders to approve certain liability limiting provisions, directors should becareful to ensure that the maximum protection available in their applicable state isidentified and implemented.“All states have enactedstatutes that either permitor require corporations toindemnify their directorsagainst expenses incurredin connection with lawsuitsagainst them in theircapacities as directors.”Indemnification1. General principles of indemnificationIndemnification is the legal process by which an institution reimburses its directorsfor expenses or damages they incur if they are sued in connection with their dutiesfor the institution.All states have enacted statutes that either permit or require corporations toindemnify their directors against expenses incurred in connection with lawsuitsagainst them in their capacities as directors. Federal regulatory authorities have alsoissued rules relating to indemnification. For example, a regulation of the Comptrollerof the Currency provides that national banks may, with certain limitations, providein their articles of association for the indemnification of their directors in accordancewith the standards reflected in the state in which the bank is headquartered or thestandards set by the Model Business Corporation Act.23Financial institutions guide

Most indemnification statutes distinguish between derivative actions and third-partyactions. Derivative actions are actions in the name and on behalf of the corporation,and the recovery, if any, goes to the corporation. Because of the circular nature ofany settlement or judgment, a director’s right to be indemnified in connection witha derivative action is more limited than the right to be indemnified with respect tothird-party actions. For example, under Delaware law and in many other states, adirector may be indemnified against expenses (including attorney’s fees) incurred inthe defense of a derivative action unless he was adjudged liable for negligence ormisconduct, but may not be indemnified against any judgment or settlement in anysuch derivative action. With respect to third-party actions, on the other hand, thecorporation may indemnify directors against expenses, judgments, fines and amountspaid in settlement, provided that in either case the director acted “in good faith and ina manner he reasonably believed to be in or not opposed to the best interests of thecorporation” (and, with respect to criminal actions, if he had no reasonable cause tobelieve his conduct was unlawful).Indemnification under Delaware law must be authorized in each case upon adetermination that indemnification is proper because the director has met thestandard of conduct described above. This determination must be made either bythe board of directors (by a majority vote of a quorum of directors who were notparties to the suit), by independent legal counsel or by the shareholders. The statutesgenerally also allow advances of expenses during the pendency of the lawsuit,although specific language in the charter or bylaws may be needed to clarify theright to advancement.The indemnification protections set forth in most states’ indemnification statutesare permissive in nature. Therefore, except in certain limited circumstances, aninstitution is not required to indemnify a director or officer unless the corporation’sarticles of incorporation, by-laws, or other corporate documents specificallymandate such indemnification. An institution intending to provide the broadestscope of indemnification for its directors and officers should include the followingfeatures in its internal indemnification provision:• Providing for indemnification “to the fullest extent permitted by law.”• Requiring indemnification, rather than merely permitting the corporationto indemnify.• Requiring the advancement of defense expenses, subject only to an unsecuredobligation to repay the expenses if a court subsequently determines theindemnification was not permitted.• Shifting the burden of proof to the corporation to prove that the director orofficer is not entitled to the requested indemnification.• Requiring the corporation to reimburse the director or officer for any expensesincurred in an indemnification claim against the corporation if the director orofficer is successful in whole or in part.• Providing that the director or officer has a right to an appeal or an independent denovo determination as to indemnification entitlement.24Financial institutions guide

• Expressly stating that the indemnification rights constitute a contract, areintended to be retroactive to events occurring prior to their adoption and shallcontinue to exist after the rescission or restrictive modification of the provisionwith respect to events occurring prior to that rescission or modification.Alternatively, a separate indemnification contract could be executed by thecorporation and the director or officer.• Expressly stating that any director or officer who serves on behalf of asubsidiary of the corporation or any employee benefit plan of the corporationor such subsidiary is deemed to be providing such service at the request ofthe corporation. Thus, a director or officer of a subsidiary will be entitled toindemnification from both the subsidiary and the parent company.• Requiring indemnification of expenses incurred by a director or officer as a plaintiffin a suit only if the board of directors approves prosecution of the suit by thedirector or officer.2. Gaps in protection under indemnification statutesThere are a number of obvious gaps in the protections afforded to directors by stateindemnification statutes:• Most state indemnification statutes permit indemnification only if the director’sor officer’s conduct was in good faith and he or she reasonably believed that theconduct was in the best interests of the corporation or at least not opposed tothe corporation’s best interests. In the case of criminal proceedings, the director orofficer must have had no reasonable cause to believe the conduct was unlawful.Conduct violating these standards may not be indemnified.• Most state indemnification statutes prohibit indemnification of settlements andjudgments in claims by or on behalf of the corporation, including shareholderderivative lawsuits.• Even with respect to defense costs incurred in derivative lawsuits,indemnification is not permitted under most state statutes if the director orofficer is adjudged liable to the corporation, unless and only to the extent acourt determines that the defendant director is fairly and reasonably entitled toindemnification for the expenses.• The appropriate decision-making body (the board, the shareholders orindependent legal counsel) may be unable or unwilling to conclude that thedirector has met the required standard of conduct. This may be a particularproblem if control of the institution has changed hands or the facts as to theindividual’s conduct are in dispute.• The SEC takes the position that indemnification by a corporation of directors,officers or controlling persons against liabilities arising under certain of the federalsecurities laws is against public policy and unenforceable. The SEC argues thatthe purpose of the securities laws is, at least in part, to provide deterrence againstnegligence and other misconduct by directors and officers, and that this deterrenteffect would be reduced or eliminated if the directors and officers could beindemnified. This position has been upheld by many courts.25Financial institutions guide

• An institution may be insolvent or otherwise unable to make indemnification.• Existing and proposed federal regulations may restrict indemnification. Forexample, under the current regulations of the Comptroller of the Currency,indemnification for civil money penalties is prohibited.Directors’ & officers’ liability insuranceD&O liability insurance provides a substantial measure of protection against thegaps in corporate indemnification, including coverage for most judgments andsettlements in derivative actions and protection when the institution is not permittedor financially unable to indemnify its directors. This section will briefly describe D&Oinsurance policies and the protections they generally offer.D&O policies issued by different insurance companies differ widely in their coverage.In most cases, directors should ensure that a qualified broker, counsel, risk manageror other expert is involved to critique their D&O insurance program and assist inimproving the protection afforded by that program.“Most D&O policies offer atleast two forms of coverage.The first, referred to as thepersonal, direct, or “Side-A”coverage, provides coverage forclaims made against individualdirectors and officers for lossesthat are not indemnified by thecompany. The second form ofcoverage, referred to as thecorporate reimbursement, or“Side-B” coverage, providesreimbursement for sumsthe company incurs in itsindemnification of loss incurredby the directors and officers.”1. Basic features of D&O policiesD&O policies are “claims made” policies, which means that they cover claims firstmade during the policy period, whether the alleged wrongdoing occurred during orbefore the policy period. Therefore, it is important for corporations to maintain highqualityD&O policies for many years after a director’s or officer’s service ends, as coveragefor the former director or officer will be determined based on the policy in existencewhen the subsequent claim is made, and not when the alleged wrongdoing occurred.Most D&O policies offer at least two forms of coverage. The first, referred to as thepersonal, direct, or “Side-A” coverage, provides coverage for claims made againstindividual directors and officers for losses that are not indemnified by the company.The second form of coverage, referred to as the corporate reimbursement, or “Side-B”coverage, provides reimbursement for sums the company incurs in its indemnificationof loss incurred by the directors and officers. Both forms of coverage apply only to lossincurred by the directors and officers in claims made against the directors and officers.Although both types of coverage are contained in the same insurance policy, each willbe set forth in a separate insuring clause and each will be subject to different retentions,and perhaps exclusions.Many D&O policies can also cover the institution’s liability to third parties in connectionwith certain types of claims against it for its own alleged misconduct. Unless a D&Opolicy explicitly covers the institution’s liability to third parties, an institution will notbe entitled to coverage under its D&O policy, except with respect to its obligation toindemnify its directors and officers.2. Self-insured amounts and policy limitsNormally, a D&O policy will include a retention (the amount the insureds must paybefore the insurer’s obligations attach) under the Company Reimbursement (Side-B)coverage for loss the institution is required or permitted to pay as indemnification.A different self-insured retention may apply with respect to the institution’s ownliability to third parties, or to other specific types of claims. Typically, D&O insurers do26Financial institutions guide

not impose a self-insured retention with respect to non-indemnified loss incurred bythe directors and officers under “Side-A.”A D&O policy will have a fixed policy limit. If the term of the policy is one year, thelimit of liability will typically be an aggregate limit of liability applicable to all claimsmade during the term of the policy. If the term of the policy is two years or more,there may be separate limits of liability for each policy year.3. Definition of “loss”The definition of “loss” generally includes amounts that the directors and officersare legally obligated to pay as the result of a claim, including damages, judgments,settlements and costs, charges and expenses (excluding salaries of officers oremployees of the institution), incurred in the defense of the claim and appeals.Fines and penalties are generally excluded, as are matters uninsurable under thelaw pursuant to which the policy is construed. Punitive and exemplary damagesmay or may not be covered, depending on the policy and the state in which thepolicy is construed.“Virtually all D&O policiesexclude claims against theinsureds based upon orattributable to their gainingin fact any personal profit oradvantage to which they werenot legally entitled.”4. Definition of “wrongful act”The term “wrongful act” is usually defined as any actual or alleged error,misstatement, misleading statement, act or omission or neglect or breach of dutyby the directors and officers or any matter claimed against them by reason of theirbeing directors or officers of the institution or its subsidiaries. If coverage is availablefor the institution’s liability to third parties for its own alleged misconduct, thedefinition of “wrongful act” will also include those actual or alleged acts, errors oromissions by the institution for which the policy provides coverage.Unless otherwise provided in the policy, coverage is only available for directors andofficers in their capacity as directors and officers of the institution to which the policywas issued. Coverage is not available for wrongdoing committed by the directors andofficers in their personal capacities or as directors or officers of any other company.5. ExclusionsAll D&O policies contain specific exclusions that further define the scope of coverageafforded by the policy. Some exclusions are included to prevent an overlap ofcoverage with other forms of insurance available. Others are included becausethe exposure is not considered to be insurable. There are a number of what areconsidered “standard” exclusions in D&O policies. For example, virtually all D&Opolicies exclude claims against the insureds based upon or attributable to theirgaining in fact any personal profit or advantage to which they were not legallyentitled. This would limit coverage in connection with cases where the directors orofficers are held liable for self-dealing or breaches of the duty of loyalty. Most D&Opolicies also exclude claims brought about or contributed to by the dishonesty orfraud of the insureds. D&O policies usually exclude claims brought by one insuredor the institution against another insured, except in certain limited circumstances. Inaddition, D&O policies usually exclude claims made against the directors and officersfor bodily injury or property damage, or violations of ERISA.27Financial institutions guide

ConclusionCorporate indemnification and D&O insurance cannot protect directors against all ofthe liabilities to which they are subject – in particular, those attributable to conflictsof interest, self-dealing, fraud or dishonesty. This is hardly a surprising conclusion.Only the directors’ own good faith and diligence can offer complete protectionNevertheless, depository institutions and their management are well served by agood risk management program that includes: (1) loss control mechanisms designedto help the directors and officers understand and act in accordance with theirduties, (2) charter provisions to take advantage of limitation of liability statutes, ifapplicable; (3) bylaw provisions and, if appropriate, separate contractual agreementsproviding for indemnification and advancement to the fullest extent permitted underapplicable law; and (4) a well-considered program of D&O insurance. Such a riskmanagement program will help depository institutions attract and retain the qualitymanagement they need to compete effectively in today’s competitive and rapidlychanging environment.28Financial institutions guide

A1-19022-A (06/10) 10-1455Zurich1400 American Lane, Schaumburg, Illinois 60196-1056800 382 2150 www.zurichna.comThe information in this publication was compiled from sources believed to be reliable for informationalpurposes only. All sample policies and procedures herein should serve as a guideline, which you can use tocreate your own policies and procedures. We trust that you will customize these samples to reflect your ownoperations and believe that these samples may serve as a helpful platform for this endeavor. Any and allinformation contained herein is not intended to constitute legal advice and accordingly, you should consultwith your own attorneys when developing programs and policies. We do not guarantee the accuracy of thisinformation or any results and further assume no liability in connection with this publication and samplepolicies and procedures, including any information, methods or safety suggestions contained herein. Moreover,Zurich reminds you that this cannot be assumed to contain every acceptable safety and compliance procedureor that additional procedures might not be appropriate under the circumstances. The subject matter of thispublication is not tied to any specific insurance product nor will adopting these policies and procedures ensurecoverage under any insurance policy. Risk engineering services are provided by Zurich Services Corporation.©2010 Zurich Services Corporation. All rights reserved.